Configuration Guide Vol. 2


20.2.2 Configuring Policy-Based Mirroring

An access list specifies both the frames targeted by policy-based mirroring and the destination interface list to which those frames are mirrored. The destination interfaces themselves are configured in the destination interface list.

To use policy-based mirroring, set the flow detection mode on the receiving side to a mode that supports policy-based mirroring.


(1) Configuring One Monitor Port to One Mirror Port

The following shows an example of mirroring from a single monitor port to a single mirror port. In this example, the analyzer is connected to Ethernet interface 1/0/10.

Points to note

Configure the mirror port in a destination interface list. On the monitor port, apply an access list that specifies this destination interface list as policy-based mirroring.

Command examples

  1. (config)# destination-interface-list MIRROR-LIST-A mode mirror

    (config-dest-mirror)# destination session 1 interface gigabitethernet 1/0/10

    (config-dest-mirror)# exit

    Sets Ethernet interface 1/0/10 as the mirror port in the destination interface list (MIRROR-LIST-A).

  2. (config)# mac access-list extended MIRROR-A

    (config-ext-macl)# permit any any vlan 100 action policy-mirror-list MIRROR-LIST-A

    (config-ext-macl)# exit

    Creates a MAC access list (MIRROR-A) and configures the destination interface list (MIRROR-LIST-A) for VLAN 100 packets.

  3. (config)# interface gigabitethernet 1/0/1

    (config-if)# mac access-group MIRROR-A in-mirror

    (config-if)# exit

    Applies the MAC access list (MIRROR-A) as policy-based mirroring to the receiving side of Ethernet interface 1/0/1.

(2) Configuring Multiple Monitor Ports to Multiple Mirror Ports

The following shows an example of mirroring from multiple monitor ports to multiple mirror ports. In this example, the analyzer is connected to Ethernet interfaces 1/0/10 and 1/0/11.

Points to note

Configure multiple mirror ports in the destination interface list. On each of the monitor ports, apply the access list that specifies this destination interface list as policy-based mirroring.

Command examples

  1. (config)# destination-interface-list MIRROR-LIST-B mode mirror

    (config-dest-mirror)# destination session 1 interface gigabitethernet 1/0/10

    (config-dest-mirror)# destination session 2 interface gigabitethernet 1/0/11

    (config-dest-mirror)# exit

    Sets Ethernet interfaces 1/0/10 and 1/0/11 as mirror ports in the destination interface list (MIRROR-LIST-B).

  2. (config)# ip access-list extended MIRROR-B

    (config-ext-nacl)# permit udp any any action policy-mirror-list MIRROR-LIST-B

    (config-ext-nacl)# exit

    Creates an IPv4 access list (MIRROR-B) and configures the destination interface list (MIRROR-LIST-B) for IPv4 UDP packets.

  3. (config)# interface gigabitethernet 1/0/1

    (config-if)# ip access-group MIRROR-B in-mirror

    (config-if)# exit

    (config)# interface gigabitethernet 1/0/2

    (config-if)# ip access-group MIRROR-B in-mirror

    (config-if)# exit

    (config)# interface gigabitethernet 1/0/3

    (config-if)# ip access-group MIRROR-B in-mirror

    (config-if)# exit

    Applies the IPv4 access list (MIRROR-B) as policy-based mirroring to the receiving side of Ethernet interfaces 1/0/1, 1/0/2, and 1/0/3.
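
Added example (not part of the original guide): a Python audit of the three-part relationship used in this section, reporting which monitor ports are copied to which mirror ports and flagging an access list or destination interface list that is referenced but never defined. It recognizes only the command forms shown above, with or without the prompt; the names MIRROR-C and MIRROR-LIST-X in the sample are constructed.

```python
import re

# Constructed sample: the commands of example (2) plus one deliberate error
# (MIRROR-C and MIRROR-LIST-X are made-up names; the list is never defined).
SAMPLE = """\
destination-interface-list MIRROR-LIST-B mode mirror
 destination session 1 interface gigabitethernet 1/0/10
 destination session 2 interface gigabitethernet 1/0/11
ip access-list extended MIRROR-B
 permit udp any any action policy-mirror-list MIRROR-LIST-B
mac access-list extended MIRROR-C
 permit any any vlan 100 action policy-mirror-list MIRROR-LIST-X
interface gigabitethernet 1/0/1
 ip access-group MIRROR-B in-mirror
interface gigabitethernet 1/0/2
 ip access-group MIRROR-B in-mirror
interface gigabitethernet 1/0/3
 mac access-group MIRROR-C in-mirror
"""

def audit_mirroring(config):
    """Return ({monitor port: [mirror ports]}, [problems]) for pasted commands."""
    dest_lists, acl_targets, bindings = {}, {}, []
    ctx = (None, None)  # (mode, object being configured in that mode)
    for raw in config.splitlines():
        line = re.sub(r"^\(config[^)]*\)#\s*", "", raw.strip())  # drop prompt
        if m := re.match(r"destination-interface-list (\S+) mode mirror$", line):
            ctx = ("dest", dest_lists.setdefault(m[1], []))
        elif m := re.match(r"(?:mac|ip) access-list extended (\S+)$", line):
            ctx = ("acl", acl_targets.setdefault(m[1], set()))
        elif m := re.match(r"interface gigabitethernet (\S+)$", line):
            ctx = ("if", m[1])
        elif ctx[0] == "dest" and (m := re.match(r"destination session \d+ interface gigabitethernet (\S+)$", line)):
            ctx[1].append(m[1])
        elif ctx[0] == "acl" and (m := re.search(r"action policy-mirror-list (\S+)$", line)):
            ctx[1].add(m[1])
        elif ctx[0] == "if" and (m := re.match(r"(?:mac|ip) access-group (\S+) in-mirror$", line)):
            bindings.append((ctx[1], m[1]))
    flows, problems = {}, []
    for port, acl in bindings:
        if acl not in acl_targets:
            problems.append(f"{port}: access list {acl} is not defined")
            continue
        for dl in sorted(acl_targets[acl]):
            if dl not in dest_lists:
                problems.append(f"{port}: {acl} references undefined list {dl}")
                continue
            flows.setdefault(port, set()).update(dest_lists[dl])
    return {port: sorted(ports) for port, ports in flows.items()}, problems
```

Calling audit_mirroring(SAMPLE) returns the monitor-to-mirror map for ports 1/0/1 and 1/0/2 and one problem entry for port 1/0/3.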